In this case I like having autonomy and control of hosting my own data, but I also appreciate the efficiency and scalability of cloud services. That’s why, I’ve opted to host the database needed for Umami at home on my homeserver using Proxmox. However, when it comes to the dashboard – the visual heart of Umami – I use Netlify. Hosting the Umami dashboard on Netlify not only offloads my trusty NUC from running yet another service but also made installation a breeze with Netlify’s effortless deployment process. In this article I will show you how I set it up.

Setting Up Database on Proxmox

1. Download CT Template: Begin by obtaining the turnkey-postgresql CT template. The easiest way to do this is to download the template from the Proxmox web interface. Navigate to “Templates” -> “Download” and search for “turnkey-postgresql”. Select the template and click “Download”.

2. Create a LXC container:

   

   • Assign a fixed IP address (fixed to enable port forwarding).
   • Allocate 1024MB memory and 1024MB swap.
   • Dedicate 1 CPU core.
   • Designate 16GB for disk storage.
   • Ensure “start after created” is selected.

For me these where the resources that I had available, but you can adjust these to your own needs.

3. Complete Initialization: Access the console of your started container, log in with root and the password you set up at the previous step. Complete the installation, skipping any unnecessary add-ons but making sure to apply the updates.

   

4. Database Setup: Navigate to the browser using assigned-static-IP-address:12322 or simply input the IP address. This will take you to a dashboard where you can select Adminer. Use Adminer to log in with PostgreSQL credentials. Create a table named umami.

   

5. Port forwarding Make sure you don’t forget to enable port forwarding (5432) to the IP address of your running Postgres container. Ofcourse, this completely depends on your network setup. Keep in mind that exposing a port does come with security vulnerabilities. If you have an Ubiquiti router you can read this article for more information on how to set this up in a more safe way.

Deploying Umami on Netlify

1. Fork Repository: Fork the Umami repository to your GitHub account:

   https://github.com/umami-software/umami
   

2. Netlify Setup:

   • Log into Netlify.
   • Choose “Add New Site” -> “Import Existing Site”.
   • Opt for “Deploy with GitHub”.
   • Select your forked Umami repository.

3. Environment Variable:

   

   • In the site settings of your new project, navigate to “Site configuration” -> “Environment variables”.
   • Add the DATABASE_URL variable with the value:

     postgresql://<postgres_account>:<postgress_password>@<your_db_ip>/umami
     

4. Trigger Deployment:

   

   • In the Netlify dashboard, go to “Deploys”.
   • Select “Trigger Deploy” and choose “Clear cache and deploy site”.

The example here is just with Proxmox, but you can choose any popular solutions like AWS, Azure, DigitalOcean, or Heroku— provided they support PostgreSQL. At the end you just need to update the URL in the Netlify dashboard. Choose what’s best for your needs.

In this article I wrote down a step-by-step walkthrough on creating an isolated environment for hosting services, using a VLAN setup. By using a VLAN and setting up a firewall we can isolate the virtual server from your primary private network, layering an additional shield of security to your setup. As an example we’ll use a virtual machine (VM) hosting a database service as our primary example.

Ubiquiti VLAN Configuration

1. Create a VLAN

• Log into your UniFi Controller.
• Navigate to the “Settings” (gear icon) at the bottom left.
• Under “Networks”, click on “Create New Network”.
• Provide a name for the network, for instance, “Public VLAN”.
• Set “Purpose” to “Corporate”.
• Assign a VLAN ID of “10”.
• Define the subnet as 10.0.0.1/24.
• Configure the DHCP range if required and save these settings.

2. Firewall Rules for VLAN Traffic

• Proceed to “Routing & Firewall” within the settings.

• Select “Firewall” and then “LAN IN”.

• Set up a rule that permits only PostgreSQL traffic:

  • Name: Allow PostgreSQL to WAN
  • Action: Accept
  • Source: Public VLAN
  • Destination: Any
  • Ports: 5432 (PostgreSQL’s default port)

• Create rules that block all traffic from the VLAN to other local networks:

  • Name: Block VLAN to all LANs
  • Action: Drop
  • Source: Public VLAN
  • Destination: All other local networks/VLANs

3. Port Forwarding

• Navigate to “Routing & Firewall” and select “Port Forwarding”.

• Click on the “+ Create New Rule” or “Add New Port Forward Rule” button, which should open a new window or pane for rule creation.

• Name: Give the rule a descriptive name, e.g., “PostgreSQL Remote Access”.

• Enabled: Make sure this is toggled on.

• Rule Applied: Set to “After Predefined Rules”

• WAN Interface: Usually set to “All” unless you have multiple WANs and prefer a specific one.

• Original IP: Leave as “Any” to allow access from any external IP or specify a range/IP if you have a static IP where you’ll be connecting from.

• Original Port: Set to the PostgreSQL default port, “5432”.

• Forward IP: Enter the IP address of the machine where PostgreSQL is running, in this case, the VM’s IP, 10.0.0.2.

• Forward Port: Again, set this to “5432”.

• Protocol: PostgreSQL typically uses TCP, so set this to “TCP”. If there are any reasons to believe you need both TCP and UDP, you can set it to “Both”, but this is usually not necessary for PostgreSQL.

Proxmox VM Configuration

1. VM Creation or Modification

Now lest assign our newly created VLAN to a VM. Either initiate a new VM or select an existing one.

• Access the Proxmox web interface.
• During the setup or via the “Network” menu for an existing VM:
  • Set the Bridge, you can use your default, typically vmbr0.
  • Assign the VLAN Tag to “10”.
  • Ensure the firewall is activated.
  • IPv4/CIDR: 10.0.0.2/32
  • Gateway: 10.0.0.1
• Once the VM is started or rebooted, it should automatically acquire the assigned static IP.

Testing the Configuration

1. Verify the IP Address

• In Proxmox, access the VM’s console.
• Execute the ifconfig command to ensure that the IP address 10.0.0.2 has been correctly assigned.

2. Test Connectivity

• In the same console, check internet access by pinging an external website: ping www.daangeijs.nl.
• Subsequently, attempt to ping a device from your private network. This ping should fail, verifying that the VM is isolated from the private network.

There you go! You’ve successfully set up a VLAN and isolated a VM within it. You can now host services on this VM and access them from the internet, while keeping your private network secure.